AgentSkillsCN

Agent Card Provisioning

按需为AI代理发放虚拟支付卡。可根据政策设定,创建一次性或有限次数使用的支付卡,并支持消费额度管控、商户限制以及自动到期功能。只要政策允许,支付卡便可即时签发。

SKILL.md
--- frontmatter
category: Business
id: agent-card-provisioning
name: Agent Card Provisioning
description: Provision virtual payment cards for AI agents on-demand. Create single-use or limited cards with spending controls, merchant restrictions, and automatic expiration. Cards are issued instantly when policy allows.

Agent Card Provisioning

Provision virtual payment cards for AI agents with built-in spending controls.

How It Works

  1. Agent requests card via payment intent
  2. Policy evaluates the request (amount, merchant, limits)
  3. Card issued if within policy OR approval required if over threshold
  4. Agent uses card for the specific purchase
  5. Transaction tracked and matched to intent

Creating a Card (Intent-Based)

Cards are provisioned through payment intents, not created directly:

code
proxy.intents.create
├── merchant: "Amazon"
├── amount: 49.99
├── description: "Office supplies"
└── category: "office_supplies" (optional)

If approved (auto or manual), a card is issued:

code
Response:
├── id: "int_abc123"
├── status: "pending" or "card_issued"
├── cardId: "card_xyz789"
└── message: "Card issued successfully"

Getting Card Details

Masked (for display)

code
proxy.cards.get { cardId: "card_xyz789" }
→ { last4: "4242", brand: "Visa", status: "active" }

Full Details (for payment)

code
proxy.cards.get_sensitive { cardId: "card_xyz789" }
→ {
    pan: "4532015112830366",
    cvv: "847",
    expiryMonth: "03",
    expiryYear: "2027",
    billingAddress: {
      line1: "123 Main St",
      city: "New York",
      state: "NY",
      postalCode: "10001",
      country: "US"
    }
  }

Card Controls (via Policy)

Policies define what cards can be used for:

ControlDescription
Spending limitMax per transaction
Daily/monthly limitsCumulative caps
Merchant categoriesAllowed/blocked MCCs
Auto-approve thresholdBelow = instant, above = human approval
ExpirationCard validity period

Card Lifecycle

code
Intent Created
      │
      ▼
┌─────────────┐
│   Policy    │
│  Evaluation │
└──────┬──────┘
       │
  ┌────┴────┐
  ▼         ▼
Auto     Needs
Approve  Approval
  │         │
  ▼         ▼
Card     [Human]
Issued      │
  │         │
  ◀─────────┘
  │
  ▼
Card Used
  │
  ▼
Transaction
 Matched
  │
  ▼
Card
Expired

Best Practices

  1. One intent per purchase - Creates audit trail
  2. Descriptive intent names - Helps reconciliation
  3. Set reasonable policies - Balance autonomy vs control
  4. Monitor transactions - Use proxy.transactions.list_for_card

Security

  • Cards are single-purpose (one intent = one card)
  • Unused cards auto-expire
  • Full PAN only via get_sensitive (requires auth)
  • All transactions logged and reconciled